Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/EvAR1ZaN0u0UxVoN8xCsGnHv544.roa
File:                     EvAR1ZaN0u0UxVoN8xCsGnHv544.roa (raw, json)
Hash identifier:          Eo3Lhr1LDAeenpWh+EiUloKD5RRgUgTxfLoVK5/uagc=
Subject key identifier:   12:F0:11:D5:96:8D:D2:ED:14:C5:5A:0D:F3:10:AC:1A:71:EF:E7:8E
Certificate issuer:       /CN=9c47ee73c28780b12f152cfa259ade3d8ae0d13b
Certificate serial:       018CC56E11AF77E6E471D4EAB68EC0F0095D
Authority key identifier: 9C:47:EE:73:C2:87:80:B1:2F:15:2C:FA:25:9A:DE:3D:8A:E0:D1:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nEfuc8KHgLEvFSz6JZrePYrg0Ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/EvAR1ZaN0u0UxVoN8xCsGnHv544.roa
Signing time:             Mon 01 Jan 2024 14:29:34 +0000
ROA not before:           Mon 01 Jan 2024 14:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47843
IP address blocks:        194.33.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/nEfuc8KHgLEvFSz6JZrePYrg0Ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/nEfuc8KHgLEvFSz6JZrePYrg0Ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nEfuc8KHgLEvFSz6JZrePYrg0Ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:11:af:77:e6:e4:71:d4:ea:b6:8e:c0:f0:09:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c47ee73c28780b12f152cfa259ade3d8ae0d13b
        Validity
            Not Before: Jan  1 14:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12f011d5968dd2ed14c55a0df310ac1a71efe78e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:83:7b:1b:f1:df:92:55:cb:79:24:41:c3:60:
                    5e:86:07:87:a5:13:74:b2:52:33:90:ca:b8:70:19:
                    7e:f6:9c:62:b2:50:8d:5b:53:1a:76:d6:e0:ab:48:
                    b2:f2:f5:28:8c:48:8a:e0:a3:a7:0e:d7:ea:7c:fd:
                    37:2a:e9:7a:4f:e9:81:46:d7:c8:20:e2:63:09:6a:
                    2b:ea:da:bc:ee:c3:28:a7:ef:96:73:88:04:d6:13:
                    2b:13:4e:eb:c0:66:58:30:b5:5a:8c:4c:74:0b:5e:
                    67:29:14:bb:34:e3:e2:b8:7f:c0:f5:8b:74:68:09:
                    a7:4c:de:d5:5c:b2:fc:99:a7:f0:5d:b2:9b:86:c7:
                    ed:f5:be:58:f7:6c:49:5e:11:5f:95:48:f7:2f:cb:
                    3f:76:e5:9a:d3:0e:b4:1e:c4:df:5b:84:c7:31:e2:
                    ca:61:77:0a:1d:98:89:4f:79:d3:7a:0e:c8:41:18:
                    07:39:ef:42:3c:d5:89:c3:3f:16:98:78:16:83:89:
                    0f:15:fe:a0:e2:76:9b:25:00:3a:d5:3d:53:ef:4e:
                    4c:e4:f2:a3:db:1f:b7:00:65:4d:53:c2:73:10:63:
                    28:29:9a:59:6b:56:d8:70:5a:46:d5:a2:ca:73:9f:
                    16:bc:36:9f:25:8b:3f:c2:2b:bb:4f:8d:e6:19:a4:
                    b2:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:F0:11:D5:96:8D:D2:ED:14:C5:5A:0D:F3:10:AC:1A:71:EF:E7:8E
            X509v3 Authority Key Identifier:
                keyid:9C:47:EE:73:C2:87:80:B1:2F:15:2C:FA:25:9A:DE:3D:8A:E0:D1:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nEfuc8KHgLEvFSz6JZrePYrg0Ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/EvAR1ZaN0u0UxVoN8xCsGnHv544.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/c7c51d-4f90-4087-a13a-f3c1a9a11d73/1/nEfuc8KHgLEvFSz6JZrePYrg0Ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:1f:1d:39:f4:18:97:af:7b:0b:b2:ba:f8:55:e4:dd:18:87:
         a7:d1:1b:1c:c9:e7:4e:17:1d:d8:15:a4:9c:20:87:02:a9:87:
         77:e2:2b:0b:5e:8c:4d:91:1e:21:8e:f3:e4:fc:82:82:94:34:
         f2:e0:fa:36:cb:da:b5:8e:e5:3b:0c:37:f7:cd:7e:32:3b:ed:
         50:1b:53:6c:08:48:fd:ec:66:34:ed:d3:36:d0:be:08:10:d1:
         3c:f0:fc:a9:62:7d:0e:1e:c4:5c:6c:68:3d:ad:f4:61:ab:0e:
         a7:fa:a6:60:a3:10:9f:52:35:39:6f:6a:ad:ce:86:61:d8:b7:
         78:6f:ad:63:e3:44:c4:de:c2:78:9f:22:94:d5:d2:9c:7f:5a:
         43:31:27:37:6e:71:dc:31:42:6c:16:41:63:f8:43:20:44:92:
         15:43:fb:04:77:4d:09:82:0a:d9:1d:11:ff:3d:b8:bf:2b:c3:
         88:be:c6:a1:54:3b:1f:88:df:bf:77:96:78:6c:0d:1e:c1:40:
         58:cb:b8:8c:25:09:40:b9:d6:34:87:e5:f9:61:d6:ab:43:59:
         d9:d6:44:8c:0e:b7:98:10:6f:5e:61:e0:b4:01:e2:40:6b:40:
         c3:49:c2:0d:c7:9b:27:64:07:bd:f3:94:83:98:c4:58:ff:49:
         16:2b:66:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbhGvd+bkcdTqto7A8AldMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNDdlZTczYzI4NzgwYjEyZjE1MmNmYTI1OWFkZTNkOGFl
MGQxM2IwHhcNMjQwMTAxMTQyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmYwMTFkNTk2OGRkMmVkMTRjNTVhMGRmMzEwYWMxYTcxZWZlNzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYN7G/HfklXLeSRBw2BehgeHpRN0
slIzkMq4cBl+9pxislCNW1Madtbgq0iy8vUojEiK4KOnDtfqfP03Kul6T+mBRtfI
IOJjCWor6tq87sMop++Wc4gE1hMrE07rwGZYMLVajEx0C15nKRS7NOPiuH/A9Yt0
aAmnTN7VXLL8mafwXbKbhsft9b5Y92xJXhFflUj3L8s/duWa0w60HsTfW4THMeLK
YXcKHZiJT3nTeg7IQRgHOe9CPNWJwz8WmHgWg4kPFf6g4nabJQA61T1T705M5PKj
2x+3AGVNU8JzEGMoKZpZa1bYcFpG1aLKc58WvDafJYs/wiu7T43mGaSy3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBLwEdWWjdLtFMVaDfMQrBpx7+eOMB8GA1UdIwQY
MBaAFJxH7nPCh4CxLxUs+iWa3j2K4NE7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkVmdWM4S0hnTEV2RlN6NkpacmVQWXJnMFRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9jN2M1MWQtNGY5MC00MDg3LWExM2Et
ZjNjMWE5YTExZDczLzEvRXZBUjFaYU4wdTBVeFZvTjh4Q3NHbkh2NTQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9jN2M1MWQtNGY5MC00MDg3LWExM2EtZjNjMWE5YTExZDcz
LzEvbkVmdWM4S0hnTEV2RlN6NkpacmVQWXJnMFRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiFrMA0G
CSqGSIb3DQEBCwUAA4IBAQCHHx059BiXr3sLsrr4VeTdGIen0RscyedOFx3YFaSc
IIcCqYd34isLXoxNkR4hjvPk/IKClDTy4Po2y9q1juU7DDf3zX4yO+1QG1NsCEj9
7GY07dM20L4IENE88PypYn0OHsRcbGg9rfRhqw6n+qZgoxCfUjU5b2qtzoZh2Ld4
b61j40TE3sJ4nyKU1dKcf1pDMSc3bnHcMUJsFkFj+EMgRJIVQ/sEd00JggrZHRH/
Pbi/K8OIvsahVDsfiN+/d5Z4bA0ewUBYy7iMJQlAudY0h+X5YdarQ1nZ1kSMDreY
EG9eYeC0AeJAa0DDScINx5snZAe985SDmMRY/0kWK2aZ
-----END CERTIFICATE-----